Kaspersky ID: KLA10945
Detect Date: 01/06/2017
Updated: 01/22/2024

Description

Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple information leaks in different IOCTL handlers of the Kaspersky Internet Security KLDISK driver can be exploited locally via specially designed IOCTL requests to return out-of-bounds kernel memory and possibly obtain sensitive information as a result;
  2. Vulnerabilities in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver can be exploited locally via a specially designed native API call to cause an access violation resulting in a denial of service.

Technical details

All vulnerabilities can be exploited only if the machine already contains a malicious program.

CVE list

  • CVE-2016-4306
    warning
  • CVE-2016-4305
    warning
  • CVE-2016-4304
    warning
